NEW HAVEN — AS Barack Obama and China’s president, Xi Jinping, prepare to meet
in California next week, America’s relations with China are feeling
increasingly like the cold war — especially when it comes to cybersecurity.

With the two countries accusing each other of
breaking the old rules of the game, a new breed of “cyberhawks” on both sides
are arguing for cold-war-like escalation that could turn low-level
cyberconflict into total war.

But treating today’s Beijing like Brezhnev’s Moscow
distorts the nature of the threat and how Washington should respond to it.

In confronting today’s cyberbattles, the United
States should think less about Soviets and more about pirates. Indeed, today’s
cybercompetition is less like the cold war than the battle for the New World.

In the era after the discovery of the Americas,
European states fought for mastery over the Atlantic. Much like the Internet
today, the ocean then was a primary avenue for trade and communication that no
country could cordon off.

At that time, the Spanish empire boasted a fearsome
navy, but it could not dominate the seas. Poorer and weaker England tested
Spain’s might by encouraging and equipping would-be pirates to act on its
behalf without official sanction. These semi-state-sponsored privateers robbed
Spain of gold and pride as they raided ships off the coasts of the New World
and Spain itself, enriching the English crown while augmenting its naval
power. Spain’s inability to attribute the attacks directly to England allowed
Queen Elizabeth I to level the playing field in an arena lacking laws or
customs.

Today’s cyberbattles aren’t so different.

Next week’s summit takes place amid reports of
increasingly sophisticated Chinese cyberespionage. Earlier this week, evidence
surfaced that Chinese hackers had gained access to several top-secret
Pentagon programs. That followed news that cyberunits believed to be linked to
the Chinese Army have
resumed attacks on American businesses and government agencies.

As tensions deepen, hawkish Chinese military leaders
are paving the way for offensive war. A
study by a RAND Corporation expert cited Chinese sources calling for
pre-emptive cyberstrikes “under the rubric of the rising Chinese strategy of
xianfa zhiren, or ‘gaining mastery before the enemy has struck.’ ” And a
recent paper found that Chinese military officials have contemplated using
cyberweapons like Stuxnet, which
the United States and Israel deployed against Iran’s nuclear program, to
target critical infrastructure.

American policy makers are beginning to view their
cyberstruggle with China through a cold war lens. One Pentagon official
recently
said that while during the cold war America focused “on the nuclear
command centers around Moscow,” today American leaders “worry as much about
the computer servers in Shanghai.”

Another senior official
declared that “the Cold War enforced norms, and the Soviets and the United
States didn’t go outside a set of boundaries.” But, he argued, “China is going
outside those boundaries now.”

Among those who view these hostilities as the cold
war redux, some are proposing a more strident response. Earlier this year, the
United States military
announced the formation of 13 units dedicated to offensive cyberstrikes
and
endorsed pre-emptive cyberattacks. And late last month, Jon M. Huntsman Jr.,
the former ambassador to China, and Dennis C. Blair, the former director of
national intelligence,
suggested allowing American companies to retaliate against Chinese hackers
on their own.

This emergence of cyberhawks in both nations raises
the odds of a hack’s becoming a cyberwar. These voices could pressure both
nations to treat any escalating cyberconflict as a latter-day Cuban missile
crisis.

But the cold war model of a struggle with calibrated
boundaries, clear rules, and the threat of mutual assured destruction simply
doesn’t fit cyberspace.

The first major difference is terrain. The United
States and the Soviet Union fought for global influence, manning divisions
here and infiltrating covert operatives there. The Internet is more fluid.
Neither the United States nor China can slice cyberspace into the reassuring
structure of spheres of influence. With no obvious borders for states to
violate or defend, power in cyberspace is at once easier to exercise and
harder to maintain, a battle of subtleties rather than hard-nosed deterrence.

There are also more players today. The United States
and the Soviet Union were the world’s unmatched nuclear powers. But in the
cyberrealm, the United States and China stand only just ahead of other
nations, hacker groups and individuals in their ability to inflict damage. And
all of these actors can hide behind layers of networks and third parties,
making it difficult to discover not only who attacked but also how and when.
There will, in most cases, be plausible deniability. Even if American and
Chinese policy makers wanted to manage the Web as carefully as their
predecessors did the cold war, no working group could tame this instability.

With nations still navigating how to interact on the
Web and arguments persisting about whether international law applies to the
Internet, there are few established customs of cyberbehavior, legal or
implicit. The United States should not expect China to follow the rules of a
previous era. The norms of American-Soviet conflict, which themselves emerged
out of years of gunpoint diplomacy, can’t be grafted onto cyberspace.

If American policy makers continue to define the
cyberstruggle between Washington and Beijing as a new cold war, they will not
meet the challenge. Viewing China’s actions through an obsolete lens will give
them a distorted sense of its intentions. And it will limit American
retaliation to the outmoded rules of a bygone battle.

If they must look to the past, they should heed the
lessons of the 16th century, not the 20th. In 1588, the Spanish crown, in no
small part due to its frustration with English piracy, resorted to massive
retaliation, sending its armada to overthrow Queen Elizabeth. That move ended
in disaster and an overwhelming English victory.

Instead of trying to beat back the New World
instability of the Internet with an old playbook, American officials should
embrace it. With the conflict placed in its proper perspective, policy makers
could ratchet down the rhetoric and experiment with a new range of responses
that go beyond condemnation but stop short of all-out cyberwar — giving them
the room to maneuver without approaching cyberconflict as a path to Defcon 1.

In these legally uncharted waters, only Elizabethan
guile, not cold war brinkmanship, will steer Washington through the storm.

Jordan Chandler Hirsch, a former staff editor at Foreign Affairs, and Sam
Adelsberg, a fellow at the Yale Information Society Project, are students at
Yale Law School.